Prevent SSL ROBOT

ROBOT (Return of Bleichenbacher's Oracle Threat) is the reappearance of a vulnerability in SSL/TLS that appeared first in 1998. This article explains, how you can prevent SSL ROBOT.

Security Assessment

Security_Assessment_ PreventSSLROBOT

CVSS Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Vulnerability Information

ROBOT (Return of Bleichenbacher's Oracle Threat) is the reappearance of a vulnerability in SSL/TLS that appeared first in 1998. Certain implementations of cipher suites using the RSA algorithm allow an attacker to fully break the confidentiality of the encryption.

Guides

To prevent ROBOT make sure that your SSL/TLS server is up-to date. Try to not use RSA ciphersuites which may be affected by the vulnerability. To disable these cipher suites, refer to: Secure TLS Configuration

For more information about Crashtest Security visit crashtest-security.com